CVE-2026-27169: OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-a
Summary
OpenSift, an AI study tool that uses semantic search (finding information by meaning rather than exact keywords) and generative AI to analyze large datasets, has a vulnerability in versions 1.1.2-alpha and below where untrusted content is rendered unsafely in the chat interface, allowing XSS (cross-site scripting, where attackers inject malicious code that runs in a user's browser). An attacker who can modify stored study materials could execute JavaScript code when a legitimate user views that content, potentially letting the attacker perform actions as that user within the application.
Solution / Mitigation
This issue has been fixed in version 1.1.3-alpha.
Vulnerability Details
8.9(high)
EPSS: 0.0%
Classification
Affected Vendors
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-27169
First tracked: February 20, 2026 at 11:07 PM
Classified by LLM (prompt v3) · confidence: 85%